SSL Certificate for a Web Application

advertisements

Im looking to use an SSL certificate for my web application. Can anyone give pointers as to how i include this in the web application? via the web.xml file? I have found lots of examples for IIS but i will be using tomcat and apache.

I guess the process includes purchasing a certificate and then assocating the web app with the certificate? Is that correct?


I guess the process includes purchasing a certificate and

You do not have to buy anything. You can use java's keytool, OpenSSL or Bouncy Castle to create a self-signed certificate. But for this to work you must configure your web clients to use a custom truststore or import the certificate in java's default truststore

assocating the web app with the certificate

No. It is the server that is authenticated and sends the certificate and not the web application.

will be using tomcat and apache.

You have to go to server.xml and uncomment the connector for SSL.
There you must define the keystore and the password. If you want mutual authentication the truststore as well. E.g.

<Connector protocol="org.apache.coyote.http11.Http11Protocol" clientAuth="false"
           port="8443" keystoreFile="/conf/serverKeys.p12"
   keystoreType="PKCS12" keystorePass="123456" etc

/>

You can check Tomcat's guide: Tomcat SSL how-to